The ICO said that Lancashire CC breached the Data Protection Act, and the council's chief executive Ged Fitzgerald has signed an undertaking to introduce a written procedure for disposing of office equipment.
It says that the social casework files, which were duplicates of those held by the county council, included extensive amounts of personal data, including ethnicity, religion and physical and mental health conditions of clients. "The personal data contained in these
records was extensive and, in one instance, provided an almost complete picture of the individual's life," it said in the statement of undertaking signed by Lancashire.
The ICO, which said it had been alerted by a newspaper article to the incident, added that it had considered remedial action already taken by Lancashire and had decided against serving an enforcement notice on the county.
Under legislation which comes into force on 1 April 2010, the ICO will be able to fine organisations up to £500,000 for breaches of personal data.
Staff
You have characters left
Please read our community standards.
Closing this window without pressing "Post your comment" will result in your words being lost.
Are you sure?
Thank you for your comment. This has been submitted for moderation.
Your comment has been successfully posted.
Sorry, something has gone wrong and this action cannot be completed. Please try again later.